Aquila logo
Retail

Aquila Connects 60+ Locations Across Australia with Cato’s Global Managed SD-WAN

Mobile Access Optimization
Firewall as a Service
Cloud Acceleration and Control
Secure and Optimized SD-WAN
quotes
“Now our inventory database stays current because with Cato our connectivity is so solid. If there’s a brownout or even a blackout on one line, Cato auto-connects by itself”
Mike Zidaj
Mike Zidaj,IT Manager

Internet VPN Becomes too Complex and Limited for Growing Company

Like many retailers, Aquila needed to connect its many stores; an Internet-based VPN sounded like the right approach. It was available everywhere and didn’t pin the company to a carrier. And it was affordable, which made it well suited for connecting small retail outlets, some with only a single computer.

But as the premium quality footwear manufacturer grew, Internet-based VPNs limitations became all too apparent. With 60 retail locations, warehouses, a headquarters, and applications running in Azure, Aquila’s VPN became incredibly complex.

“With each new store, we had to manually establish VPN connections with every other location. At first, it wasn’t that big a deal, but with more sites, we ended up spending hours establishing the VPN. It just didn’t scale,” says Mike Zidaj, the IT Manager at Aquila.

And since stores had to be manually connected, uptime was often compromised. If the local staff didn’t properly connect the VPN then IT had to manually log in every Sunday to force a connection to enable inventory logging at the site. “At any one time, approximately 30 percent of our offices were showing offline at the headquarters,” he says.

“With each new store, we had to manually establish VPN connections with every other location. At first it wasn’t that big a deal, but with more sites, we ended up spending hours establishing the VPN. It just didn’t scale”

What’s more with encrypted traffic (HTTPS) only growing, Zidaj was increasingly losing visibility into company’s Internet usage. The firewalls lacked the horsepower to decrypt the traffic. “We attempted to do URL filtering with our aging, end-point control software but it was hard to manage, lacked centralized reporting, and not all that effective. Users could easily get around it,” says Zidaj.

As a result, security was at risk and visibility was limited. “We couldn’t tell if employees were watching YouTube or working. There was simply no easy way of enforcing security policies on Web traffic,” says Zidaj

Zidaj Rejects MPLS and Turns to Cyber Risk and Cato For Help

Zidaj began looking around for a solution not only for his connectivity and security challenges. He considered deploying an MPLS service: “A lot of retailers were using MPLS and local firewalls,” he says, “But the approach was too costly and would have locked us into the telco,” he says.

Zidaj heard about Cato and turned to CyberRisk, a Cato partner, for assistance. “As a thought leader and trusted advisor in enterprise networking and security, we are excited to partner with Cato Networks in the ANZ region and see the value Cato delivers to our customers,” says Leong Wang, Director of CyberRisk. “Cato Networks is a leader in next-generation networks with integrated security services and is a huge differentiate from the aging global telco model.”

Zidaj decided to take the plunge. He replaced his Internet-based VPN and end-point control software with Cato. Cato Cloud is the only managed SD-WAN service that connects and secures mobile users, the cloud, branch offices, and headquarters across Australia and the rest of the globe with the agility of the cloud.

“As a thought leader and trusted advisor in enterprise networking and security, we are excited to partner with Cato Networks in the ANZ region and see the value Cato delivers to our customers”

Zidaj leveraged Cato’s mobile security and optimization to connect small locations with just a Cato Mobile Client. Avoiding appliances at each retail location significantly simplified deployment. Without an appliance to install and maintain, deployment was quick and simple. What’s more, all too often retail locations set in malls can only gain Internet access through private IPs provided through the mall’s Internet provider. Unlike many SD-WAN solutions, the Cato Mobile Client, as well as Cato’s SD-WAN device, the Cato Socket, can operate behind a NAT.

Zidaj equipped the computers at each retail store with Cato mobile clients. The mobile client sends all traffic across an encrypted tunnel automatically established to the nearest Cato point of presence (PoP). Cato Cloud currently covers all major Australian business centers from PoPs in Perth, Melbourne, and Sydney.

His Azure instances were connected through Cato’s agentless integration into Cato Cloud. A few clicks on the Cato Management Console and an IPsec VPN connection was established from the Cato PoPs to Microsoft Azure. Cato collocates its PoPs in the same physical datacenters as the Internet Exchange Points (IXPs) of the leading cloud datacenter providers, such as AWS and Azure.

“Deployment was good, and the setup was pretty simple and straightforward,” he says, “The Cato sales team, Cato Support, and CyberRisk helped a lot. It went well. We selected Cato, in part, because of its super quick and easy deployment.”

When Zidaj is ready, he’ll also be able to connect larger locations with Cato Sockets. Cato Sockets connect load balance traffic across multiple circuits — MPLS or Internet (DSL, Cable, LTE and more) for maximum performance and uptime. Sockets correct for packet loss and dynamically route Internet and WAN traffic across the optimum last mile to the nearest Cato PoP. The PoP’s cloud-native software inspects all traffic, even SSL/TLS traffic, applying the necessary networking and security policies. Traffic is forwarded across Cato’s global network or onto the Internet. All Cato Sockets come with Affordable High Availability (HA) built-in for inexpensive redundancy.

Deployment is Simple, Visibility and Control Improve Significantly

Since deploying Cato, Zidaj has seen uptime improve significantly. “Our Cato dashboard now usually shows all locations connected and says users have noticed the more reliable access,” he says.

Better network connectivity has directly impacted the business. “Now our inventory database stays current because with Cato our connectivity is so solid. If there’s a brownout or even a blackout on one line, Cato auto-connects by itself,” he says.

“Now our inventory database stays current because with Cato our connectivity is so solid. If there’s a brownout or even a blackout on one line, Cato auto-connects by itself”

And with Cato’s next-generation firewall (NGFW) inspecting all Internet and WAN traffic — encrypted and unencrypted — Zidaj is able to better secure his network. “The single pane management also gave us much improved control and visibility. Management is now able to see if shop staff are visiting Web sites that didn’t comply with our security policies — and take action.”

Aquila manufactures premium quality footwear and is based in Melbourne, Australia. The company used an Internet-based VPN to connect 60 retail locations, headquarters, and warehouses. The VPN also connected the company’s database, payroll, and inventory systems running as Azure instances. Public Internet access was through the firewall in the office headquarters.